Up to now, NATO has been reluctant to declare any cyber attack as the equivalent to an armed attack, which is what triggers article 5. So in the case of Estonia, you'll see it did not invoke article 5. That said, there's article 4 on consultation, and that was utilized. In the cyber defence doctrine that I just referred to, you will see that basically it says that if a member state feels the need for assistance as a result of a cyber attack, it can make a request and NATO will try to assist.
That's how it is being handled today. I think that's a reasonable approach within the alliance.